CVE-2025-42915
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: SAP SE
Description
Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups. This issue could impact both the confidentiality and integrity of the application without affecting the availability.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | fiori_app | From 3.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Fiori app Manage Payment Blocks is due to missing authorization checks. This allows an attacker with only basic user privileges to misuse functions that should be limited to specific user groups.
How can this vulnerability impact me?
This vulnerability can impact the confidentiality and integrity of the application by allowing unauthorized users to perform restricted actions. However, it does not affect the availability of the application.